How can I encrypt JavaScript code so that it's not decryptable?

If you truly want to encrypt it so that no one else can decrypt it, you could use one of any number of encryptions. For instance, to do it manually, you could use http://www.truecrypt.org/; or to do it programatically, use the encryption libraries available in http://farfarfar.com/scripts/encrypt/. If what you are really asking, though, is how to obfuscate the code so that no one can reverse-engineer it, the answer is: you can't, not in Javascript or any other language. The best you can do is make it more difficult on the reverse-engineers by making it hard to read; for that, there are any number of tools: http://www.javascriptobfuscator.com/ http://www.stunnix.com/prod/jo/ http://tools.2vi.nl/

There is no way to do that. You can obscure it and have some domain checking code in it. Or you could have it served with a server-side script that checks the referring domain.

There is no way to do so because at the end of the day, the code still has to run, unencrypted, on the client machine, which means the routine to decrypt the code has to be sent alongside the encrypted code. You're handing them both the lock and the key, all they have to do is turn. Your best best is to run it through an obfuscator, but even then, its not like somebody won't be able to just rewrite it themselves without the need to attempt to read your code anyway.

While not actually encrypted, Yahoo's http://developer.yahoo.com/yui/compressor/ will compress and obfuscate your JavaScript for normal use and provides better compression that http://www.crockford.com/javascript/jsmin.html.

Microsoft used to provide Script Encoder to encode your JavaScript (and ASP and VBScript etc.) but the encoded script only worked in Internet Explorer so it was a big no-no (http://msdn.microsoft.com/en-us/library/cbfz3598%28VS.85%29.aspx) Nowadays only obfuscation is an option. But you can break any obfuscation with tools like the http://jsbeautifier.org/ so your out of luck. You can minimize and you can obfuscate but you truly can't hide what you are doing. The best minimizer/obfuscator is probably http://closure-compiler.appspot.com/home - it's very advanced and might turn your code into something very hardly understandable.

What you're looking for is obfuscation, not encryption. There are tools such as http://www.crockford.com/javascript/jsmin.html and the http://developer.yahoo.com/yui/compressor/ that will make your code very unreadable, to the point where no one would want to try to make sense of it. However, there is no way to make it so that someone can't copy and paste it onto their own website and run it there. I wouldn't worry about it, honestly, because you'd be wasting your time trying to protect something that can't be protected. Try putting all your "important" logic on the server-side, if possible, because that's the only foolproof way to do it. If the browser can access it, so can anyone else.

I think you're confusing encryption with compiled binary. Not even commercial closed-source software such as Microsoft Office or Adobe Photoshop are encrypted for distribution. But they are compiled to native machine code, which makes them hard to reverse engineer. JavaScript has no such thing as a compiled binary. But, as more and more browsers move to bytecode compilation to achieve faster performance, we may someday have a compiled JavaScript source format. Perhaps, analogous to Python's .py and .pyc files, maybe we'll have a .jsc or JavaScript Compiled file, that can be delivered to the browser in binary form, to run in its JavaScript virtual machine. No such thing exists yet though. And even if it did, this is just a more intense obfuscation. Obfuscation is fine for preventing casual copying and sharing, but if you need really protect your intellectual property, move the logic server-side.

What you want is theoretically and practically impossible. People will tell you here that it is not possible and you might think "Well, that's because nobody has tried hard enough". No. It's impossible in the same way that calculating the nth prime number in linear or constant time is impossible. It's impossible in the same way that the halting problem is impossible to solve. "What do you mean 2+2 doesn't equal five? You're not trying hard enough!" Not only is it impossible though, but the motivations for wanting this sort of thing are normally pretty misguided. It's always a fundamental mistake to attempt to use technology to solve a problem that is fundamentally a legal problem. You want to protect your code from "pirates" or competitors, perhaps? It's not likely that you've written anything particularly worth stealing, but if you have, and you don't want people to steal it, then your only true recourse is the rule of law. However, on a larger level, your problem is not likely going to be competitors or pirates stealing your code. Your problem is going to be business oriented: Gaining an audience through making a quality product, and the right price, and with sufficient marketing. You do that right, someone stealing your code doesn't matter. You do it right, and having the "authentic original" will appear to have real value. In fact, if you release your stuff open source, it can only really help you, because then you have an army of interested amateurs working for you for free, potentially. Piracy and reverse engineering is actually a godsend because it means people are interested enough in your product to want to improve it. The best thing is to do whatever you can to let that happen. If your business really does depend on keeping some javascript secret, then you've basically made a mistake in your business plan at stage 1. If your business is selling a javascript library (such things exist!), then you're no worse off than any other seller of software. The best thing to do is to market it towards honest businesses that have no problem with giving you money. The people that pirate your stuff had no intention of paying you anyway- and get the fundamental disadvantage that they don't get your technical support, or regular maintenance updates. If this is not a business effort, then I really have no idea why you're even bothering. Proper credit?

I don't think you want encryption, unless you're going to write a browser extension that can decrypt the javascript. I thing GWT, or even http://www.crockford.com/javascript/jsmin.html can sufficiently compress / obfuscate your javascript for normal use. If you want to tie some client side code to your site, you may want to consider some sort of a random handshake that depends on a server-side method to 'validate' the javascript. I don't even know if that's feasible though.